Rule Description

  • This section gives you a general idea of the rule and tells you why it should be adhered to.

Results Tab

  • This consists of all the Failed Resources, Ignored Resources, and the possible fixes available.

Filter Tab

  • This consists of a set of options that can be used to filter the resources to which the rule applies. If the options are not set, by default, all resources that fail to comply with the rule will appear.

Action Tab

  • Once marked, you can choose to undertake a specific action such as 'Stop', 'Delete', etc., after a resource repeatedly fails a rule over a user-specified period of time.

Consider the following illustration of the Public S3 Bucket rule:


Rule Description

An S3 bucket that is made public is automatically vulnerable to security breaches. Apart from this, AWS bills you for every download from a bucket, so an unprecedented amount of traffic caused by a malicious attack will quickly become expensive. Hence, a bucket with public permissions should be made private.


Results Tab



  • Here, the Failed Resources section contains a list of all the Public S3 Buckets present.
  • The Ignore Resources section gives you the option of bypassing the rule for a few or all resources.
  • This can be done by selecting the resource(s) and then clicking on Ignore All / Ignore Selected.
  • On doing this, you can see that the selected resource(s) are now present in the Ignore Resources section.
  • If you want to revert this action, you can select the Revoke / Revoke All option.
  • If an automated fix is not available, you can follow the steps provided in 'how to fix'.

Filter Tab



  • Filters can be used to apply the rule only to S3 Buckets in specific regions.
  • This can be done by specifying the Region.
  • You can go one step further by specifying the tag(s) of the resource(s) in the 'Include resources with tags' option.
  • Once this is done, only the tagged resource(s) will be picked up.
  • The same goes for explicitly excluding a resource by specifying the tag(s) of the resource(s) in the 'Exclude resources with tags' option.
  • Once this is done, the tagged resource(s) will not be picked up.
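The following is an added sketch, not the product's own code, of how a Public S3 Bucket rule could combine the region, include-tag, exclude-tag and ignore settings described above. The bucket inventory is constructed, the function names are hypothetical, and treating any policy Condition as "not public" is a simplifying assumption; S3 Block Public Access settings are not modelled.

```python
# AWS's predefined "everyone" grantee group for S3 ACLs.
ALL_USERS = "http://acs.amazonaws.com/groups/global/AllUsers"

def _as_list(value):
    return value if isinstance(value, list) else [value]

def is_public(bucket):
    # Public if the ACL grants to AllUsers, or the policy has an Allow for a
    # wildcard principal with no Condition (assumption: any Condition restricts).
    for grant in bucket.get("acl_grants", []):
        if grant.get("Grantee", {}).get("URI") == ALL_USERS:
            return True
    for stmt in _as_list(bucket.get("policy", {}).get("Statement", [])):
        principal = stmt.get("Principal")
        wildcard = principal == "*" or (
            isinstance(principal, dict) and "*" in _as_list(principal.get("AWS", [])))
        if stmt.get("Effect") == "Allow" and wildcard and not stmt.get("Condition"):
            return True
    return False

def has_tag(bucket, tags):
    return any(bucket.get("tags", {}).get(k) == v for k, v in tags.items())

def failed_resources(buckets, regions=None, include_tags=None, exclude_tags=None, ignored=()):
    """Return names of in-scope buckets that fail the rule; unset filters match everything."""
    failed = []
    for b in buckets:
        in_scope = (
            (not regions or b["region"] in regions)
            and (not include_tags or has_tag(b, include_tags))
            and not (exclude_tags and has_tag(b, exclude_tags))
            and b["name"] not in ignored  # ignored resources bypass the rule
        )
        if in_scope and is_public(b):
            failed.append(b["name"])
    return failed

# Constructed sample inventory (not real buckets).
BUCKETS = [
    {"name": "site-assets", "region": "us-east-1", "tags": {"env": "prod"},
     "acl_grants": [{"Grantee": {"Type": "Group", "URI": ALL_USERS}, "Permission": "READ"}]},
    {"name": "logs", "region": "us-east-1", "tags": {"env": "prod"}, "acl_grants": []},
    {"name": "reports", "region": "eu-west-1", "tags": {"env": "dev"},
     "policy": {"Statement": [{"Effect": "Allow", "Principal": "*", "Action": "s3:GetObject"}]}},
    {"name": "cdn-origin", "region": "eu-west-1", "tags": {"env": "prod"},
     "policy": {"Statement": [{"Effect": "Allow", "Principal": {"AWS": "*"}, "Action": "s3:GetObject",
                               "Condition": {"StringEquals": {"aws:SourceVpce": "vpce-EXAMPLE"}}}]}},
]
```

With no filters set, `failed_resources(BUCKETS)` returns every public bucket, matching the default behaviour described for the Filter tab.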

Action Tab



  • On marking the Action tab, you can choose to automate an action such as Delete, Stop, etc., for the failing resources after a user-specified period of time.

NOTE:

  1. Initially, when your account is created, none of the policies will be failing. After one cycle, i.e., the next day, you will be able to see the failing resources.
  2. Similarly, the applied changes to policies will be updated during the next cycle.
  3. The actions present in the actions tab are irrevocable.